(57) Abstract 

Methods and apparatus are provided that implement digital signing and/or encryption for the electronic transmission, storage, and retrieval of authenticated documents and that enable the establishment of the identity of the originator of an electronic document and of the integrity of the information contained in such a document. Together these provide irrevocable proof of authenticity of the document. The methods and apparatus make it possible to provide "paper-less" commercial transactions, such as real estate transactions and the financial transactions secured by real estate. A Certification Authority provides tools for initializing and managing the cryptographic material required to sign and seal electronic documents. An Authentication Center provides "third party" verification that a document is executed and transmitted by the document's originator. The methods and apparatus eliminate the need for "hard copies" of original documents as well as hard copy storage. Retrieval of an authenticated document from the Authentication Center may be done by any number of authorized parties at any time by on-line capability.



[FIG. 4, DAS functional interrelationship (block diagram; only its labels survive extraction): a Terminal Subsystem, a PC running MS-DOS/Windows, with a PC Card (PCMCIA) interface, message handler, MMI/application, input/output and a low/medium speed port; an encryptor (486/50 PC, MS-DOS) that provides encryption; the Authentication Center's Server Subsystem (486/50 System Pro, UNIX) running the application with transparent secure communications, built around a multiuser RDBMS supporting multiple terminal communications with complete audit and administration, comprising message handling, storage, backup, audit, key management and system administration subsystems and terminal, storage and backup communications behind a multiport controller; and a Crypto Backup Subsystem.]


WO 99/57847 



PCT/US99/06563 



SYSTEM AND METHOD FOR ELECTRONIC TRANSMISSION, 
STORAGE AND RETRIEVAL OF AUTHENTICATED DOCUMENTS 



BACKGROUND 

Applicant's invention relates to systems and methods for providing a verifiable chain of evidence and security for the transfer and retrieval of documents in digital formats.

Paper documents are the traditional evidence of the communications and agreements between parties in commercial and other transactions. Financial and real-estate transactions are protected by paper-based controls. Signatures and safety paper (such as pre-printed checks) facilitate detection of unauthorized alterations of the information of commercial transactions. Important documents may also be provided with "third man" controls, by the witnessing of signatures and by the seal and acknowledgment of a Notary Public.

The methods of commerce, however, have changed dramatically and continue to evolve. This is most evident in the replacement of paper-based communications with electronic communications. The "due care" controls used with paper-based communications do not exist in routine electronic transactions. Standard electronic communication over open systems does not have the same ability to provide authentication, privacy, and integrity of the communicated information. By "authentication" is meant verification of the identity of the signatory of a document; by "privacy" is meant protection of the information in a document from unauthorized disclosure; and by "integrity" is meant the ability to detect any alteration of the contents of a document.

When communication is by electronically reproduced messages such as e-mail, facsimile machine, imaging, electronic data interchange or electronic fund transfer, there no longer exists a signature or seal to authenticate the identity of the transferor. The traditional legally accepted methods of verifying the identity of a document's originator, such as physical presence or appearance, an ink signature, personal witness or Notary Public acknowledgment, are not possible.

The continued evolution of computer and telecommunications technology has regretfully been accompanied by the invention of more sophisticated ways to intercept and alter information electronically transmitted, including the widespread phenomenon of remote intrusion of computer systems through telecommunication links.

Some approaches to providing secure electronic commerce technology by applying cryptography give the user a verification mechanism for the authenticity or privacy of the transmission that is controlled by the user and does not include the element of non-repudiation. In some cases the use of encryption for privacy could aid in the detection of document alterations, advancing the goal of integrity. This is not generally the case, however (encryption alone does not detect modification of the ciphertext), and additional mechanisms such as a message authentication code or a digital signature may be required for providing integrity. At present, no distributed electronic document authentication system exists that can provide authentication, as with written or printed instruments, in a manner that cannot be repudiated. No commercial system provides electronic document verification based on a digital signature that cannot be repudiated, although some attempts have been described. See, e.g., D. Chaum, "Achieving Electronic Privacy", Scientific American, vol. 267, no. 2, pp. 96-101 (Aug. 1992); C.R. Merrill, "Cryptography for Commerce — Beyond Clipper", The Data Law Report, vol. 2, no. 2, pp. 1, 4-11 (Sep. 1994). Since DES, no governmental organization or other standards-setting body has been willing or able to set standards (i.e., as to cryptographic strength, process, etc.) acceptable for general commercial use. The techniques described in this application are synergistic and of sufficient assurance to be on par with the security needed to support a typical business transaction.

Applicant's document authentication system (DAS) provides the needed security and protection of electronic transmissions, such as electronic documents. Most important to commercial and financial institutions, Applicant's DAS assumes the risk and responsibility of a document's authenticity. Applicant's DAS utilizes an asymmetric cryptosystem, known as a public-key system, to help ensure that the party originating a document is electronically identifiable as such when a DAS digital signature is applied.

Various aspects of public-key cryptographic (PKC) systems are described in the literature, including R.L. Rivest et al., "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM, vol. 21, pp. 120-126 (Feb. 1978); M.E. Hellman, "The Mathematics of Public-Key Cryptography", Scientific American, vol. 241, no. 2, pp. 146-152, 154-157 (Aug. 1979); and W. Diffie, "The First Ten Years of Public-Key Cryptography", Proceedings of the IEEE, vol. 76, pp. 560-577 (May 1988). Popular PKC systems such as RSA make use of the fact that finding large prime numbers is computationally easy but factoring the product of two large prime numbers is computationally difficult; others, such as DSA, rely instead on the difficulty of computing discrete logarithms. A PKC system is an asymmetric cryptosystem, meaning that it employs two mathematically related keys: what one key encrypts only the other can decrypt, and a signature produced with the private key can be verified with the public key. Asymmetric systems adhere to the principle that knowledge of one key (the public key) does not permit derivation of the second key (the private key). Thus, PKC permits the user's public key to be posted (e.g., in a directory or on a bulletin board), without compromising his/her private key. This public key concept simplifies the key distribution process. Example digital signature schemes pair a public-key algorithm with a hash function, such as the Digital Signature Algorithm with the Secure Hash Algorithm (DSA/SHA) and RSA with MD5 (RSA/MD5); it is the hash, not the public-key operation, that lets a signature cover a document of arbitrary length, and the scheme is only as strong as its weaker component (MD5 and SHA-1 are no longer considered collision-resistant).

Besides the PKC method, another encryption method is the symmetric algorithm. An example of this is the Data Encryption Standard (DES), which is described in Data Encryption Standard, Federal Information Processing Standards Publication 46 (1977) ("FIPS PUB 46", republished as FIPS PUB 46-1 (1988)) and DES Modes of Operation, FIPS PUB 81 (1980), both of which are available from the U.S. Department of Commerce. In general, a symmetric cryptographic system is a set of instructions, implemented in either hardware, software or both, that can convert plaintext (the unencrypted information) to ciphertext, or vice versa, in a variety of ways, using a specific key that is known to the users but is kept secret from others.

For either a symmetric or PKC system, the security of a message is dependent to a great extent on the length of the key, as described in C.E. Shannon, "Communication Theory of Secrecy Systems", Bell Sys. Tech. J., vol. 28, pp. 656-715 (Oct. 1949).

SUMMARY 

These and other objects and advantages are provided by the DAS, which comprises the means to identify the originator of the electronic document, to provide irrevocable proof of the integrity of an electronic document, and the means to prevent the originator of the document from later denying having originated it, i.e., non-repudiation.

In one aspect of Applicant's invention, a method of executing a transaction by transferring authenticated information objects having respective verifiable evidence trails includes the step of retrieving, by a first party from a trusted repository, an authenticated information object. The authenticated information object includes a first digital signature of the first party, a first certificate relating at least an identity and a cryptographic key to the first party, date and time stamps and a certificate applied by the trusted repository, and a digital signature of the trusted repository. The first digital signature and first certificate have been validated by the trusted repository. The certificate relates at least an identity and a cryptographic key to the trusted repository, and the authenticated information object has been stored under the control of the trusted repository.

The method further includes the steps of attaching instructions to the retrieved authenticated object; transmitting the retrieved authenticated object and the attached instructions to a second party; receiving, by the second party, the transmitted retrieved authenticated object and attached instructions; presenting, by the second party to the trusted repository, the received transmitted retrieved authenticated object and attached instructions; and executing the transaction according to the instructions presented to the trusted repository.

The instructions may cause the trusted repository to transfer ownership of the authenticated information object from the first party to the second party, and the trusted repository may validate a digital signature of the second party included with the presented object, apply date and time stamps to the presented object, and sign the stamped presented object with its digital signature. Furthermore, the first party may apply a digital signature to the retrieved authenticated object and the instructions before they are transmitted to the second party. Also, the retrieved authenticated object and the attached instructions may be transmitted by the trusted repository to each of a plurality of second parties in accordance with the attached instructions, which may cause the trusted repository to take at least one of the following actions: accept a first-received response, accept a greatest-value response, accept a response greater than an amount, and accept a response presented before a closing date. The instructions may also provide a syndicated transaction.

In another aspect of Applicant's invention, a method of executing a transaction by transferring authenticated information objects having respective verifiable evidence trails includes the step of retrieving, by a first party from a trusted repository, an authenticated information object. The authenticated information object includes a first digital signature of the first party, a first certificate relating at least an identity and a cryptographic key to the first party, date and time stamps and a certificate applied by the trusted repository, and a digital signature of the trusted repository. The first digital signature and first certificate have been validated by the trusted repository. The certificate relates at least an identity and a cryptographic key to the trusted repository, and the authenticated information object has been stored under the control of the trusted repository.

The method further includes the steps of attaching first instructions to the retrieved authenticated object; transmitting the retrieved authenticated object and the first instructions to a second party; receiving, by the second party, the transmitted retrieved authenticated object and first instructions; communicating, by the second party to the first party, a response to the received transmitted retrieved authenticated object and first instructions; sending second instructions from the first party to the trusted repository; and executing the transaction according to the second instructions.

The instructions may cause the trusted repository to transfer ownership of the authenticated information object from the first party to the second party, and the first party may apply a digital signature to the retrieved authenticated object and the instructions before they are transmitted to the second party. The first and second instructions may provide a syndicated transaction.

BRIEF DESCRIPTION OF THE DRAWINGS 

The various features and advantages of Applicant's invention will become apparent by reading this description in conjunction with the drawings in which:

FIG. 1 is a block diagram of the liability allocation for authentication in the DAS;

FIG. 2 summarizes the functions of the DAS relating to document transmission authorization and protection;

FIG. 3 is a simple diagram of the DAS architecture;

FIG. 4 is a block diagram of the functional interrelationship between a Transfer Agent and an Authentication Center;

FIG. 5 is a block diagram of DAS control functions;

FIGs. 6a, 6b are diagrams illustrating application of the DAS in the mortgage finance industry with a title company/closing agent for a loan as a Transfer Agent;

FIG. 7 illustrates the document certification process more generally;

FIG. 8 illustrates generation of a digital signature;

FIG. 9 illustrates digitally signing a document and validation of the digital signature;

FIG. 10 illustrates the format of a certificate employed by a user or the Certification Authority;

FIG. 11 illustrates validation of certificates; and

FIG. 12 illustrates generation of certificates.

DETAILED DESCRIPTION 

Applicant's invention can be implemented utilizing commercially available computer systems and technology to create an integrated closed system for authentication of electronic documents.

Referring to FIG. 1, which is a block diagram of the liability allocation for authentication in Applicant's DAS, the DAS uses a Certification Authority framework by which public/private keys, that are utilized to encrypt/decrypt and/or digitally sign a document, are delivered to a document's originator by an established, auditable means. Certificates and certification frameworks are described in the above-cited publication by C.R. Merrill and in ITU-T Recommendation X.509 (1993) | ISO/IEC 9594-8:1995 Information Technology — Open Systems Interconnection — The Directory: Authentication Framework (including all amendments), which is expressly incorporated here by reference. The infrastructure and certificate definitions used in this application are based on these documents.

As described below, the public/private key is advantageously delivered in the form of a Token such as an electronic circuit card conforming to the standards of the Personal Computer Memory Card International Association (a PCMCIA card or PC Card) for use in the originator's computer. In general a Token is a portable transfer device that is used for transporting keys, or parts of keys. It will be understood that PC Cards are just one form of delivery mechanism for public/private keys for Applicant's DAS; other kinds of Tokens may also be used, such as floppy diskettes and Smart Cards. To ensure reliable delivery, a service such as the bonded courier services commonly used to ferry securities between parties could be used to deliver the media to the document originator.

Advantageously, many commercially available Tokens that embody on-board cryptography generate the public/private key pairs on the cards, and the private keys never leave the cards unencrypted. The public keys are exported to the Certification Authority for inclusion, with the identity of the intended recipient and appropriate user attributes among other things, into a "certificate". Principal components of the DAS system assurance are the correct operation of the Certification Authority framework, the tight binding of user identity and attributes to the public key in the certificate, and the reliable delivery of the Token to the authorized recipient.

In an additional aspect of Applicant's invention, the public/private key is only effective when it is used in conjunction with a certificate and personal identification information such as the recipient's biometric information (e.g., retina-, finger-, and voice-prints) or a personal identification number (PIN) that is assigned to the recipient of the card by the Certification Authority and that may be delivered separately from the originator's card. Any subsequent transmitter of the document who is required to digitally sign or encrypt the document would similarly be provided with a respective card and personal identification information.

In FIG. 1, a document's originator and any subsequent transmitter are called a Transfer Agent, and it will be appreciated that a Transfer Agent is identified to the DAS by its possession and use of a valid certificate and a valid PIN. In issuing the key and PIN to the Transfer Agent, the DAS advantageously records one or more attributes of the Transfer Agent in association with the key and PIN. For example, the Transfer Agent may be authorized to conduct only certain types of transactions and/or transactions having less than a predetermined value.

Issuance by the Certification Authority of a digitally signed certificate ensures the verifiability of the identity of each transmitter of a digitally signed or encrypted document. The Certification Authority also retains the ability to revoke a public/private key, or to reissue a public/private key, from a remote location electronically. The Certification Authority can also support privilege management in accordance with the policy set for the system. For example, the Certification Authority can set financial or other limits on the authority granted to the Transfer Agent by conveying those authorizations or restrictions as certificate attributes. These attributes can be retrieved from the certificate and enforced by other elements in the system, once those elements have verified the Certification Authority's signature on the certificate and checked that it has not been revoked; an attribute read from an unverified certificate is no more than a claim by whoever presented it.
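
The privilege management just described comes down to a check that a relying element (here, the Authentication Center) runs on the attributes it reads out of a Transfer Agent's certificate. The Python below is an added illustration of that check, not code from the patent or any DAS product. The attribute names, the serial-number revocation list, the transaction record and the dates are constructed assumptions, and the code presumes the Certification Authority's signature on the certificate has already been verified before any attribute is trusted.

```python
from datetime import datetime

# Constructed certificate, as a relying element sees it AFTER the Certification
# Authority's signature on it has been verified.  Attributes read from an
# unverified certificate are only claims made by whoever presented it.
AGENT_CERT = {
    "serial": 1042,
    "subject": "Transfer Agent: closing agent, branch 7",
    "not_before": "1999-01-01T00:00:00+00:00",  # the "expiration period" field
    "not_after": "1999-12-31T23:59:59+00:00",
    "attributes": {
        "transaction_types": ["mortgage_closing", "deed_transfer"],
        "max_value_usd": 750_000,
    },
}

# Constructed revocation list as published by the Certification Authority.
REVOKED_SERIALS = {1007, 1033}


def check_privilege(cert, txn, now_iso, revoked=REVOKED_SERIALS):
    """Decide whether `cert` authorizes transaction `txn` at time `now_iso`.

    Returns (allowed, reason).  Every denial names the control that failed so
    the Authentication Center's audit trail records why it refused."""
    if cert["serial"] in revoked:
        return False, "certificate revoked"
    now = datetime.fromisoformat(now_iso)
    if not (datetime.fromisoformat(cert["not_before"])
            <= now <= datetime.fromisoformat(cert["not_after"])):
        return False, "certificate outside its expiration period"
    attrs = cert["attributes"]
    if txn["type"] not in attrs["transaction_types"]:
        return False, "transaction type %r not authorized" % txn["type"]
    if txn["value_usd"] > attrs["max_value_usd"]:
        return False, "transaction value exceeds certificate limit"
    return True, "authorized"


def demo():
    """Run constructed transactions through the check and collect the outcomes."""
    now = "1999-03-26T10:00:00+00:00"
    cases = {
        "within_limits": (AGENT_CERT, {"type": "mortgage_closing", "value_usd": 250_000}, now),
        "over_limit": (AGENT_CERT, {"type": "mortgage_closing", "value_usd": 900_000}, now),
        "wrong_type": (AGENT_CERT, {"type": "wire_transfer", "value_usd": 100}, now),
        "expired": (AGENT_CERT, {"type": "deed_transfer", "value_usd": 100},
                    "2000-02-01T00:00:00+00:00"),
        "revoked": (dict(AGENT_CERT, serial=1033), {"type": "deed_transfer", "value_usd": 100}, now),
    }
    return {name: check_privilege(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print("%-14s %s  %s" % (name, "ALLOW" if allowed else "DENY ", reason))
```

The order of the checks is deliberate: revocation and validity period are decided before any attribute is consulted, because an attribute carried by a revoked or expired certificate carries no authority at all.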

In an important aspect of Applicant's invention, the DAS is a system for authenticating a document by applying digital signature technology. As used here, "authentication" is the corroboration and verification of the identity of the party which executed, sealed, or transmitted the original document and verification that the signed (and optionally encrypted) document received is the document sent by that party. The DAS uses an Authentication Center to provide an audit or evidence trail, for applications that require this capability, from the original execution of the executed or encrypted or sealed document through all subsequent transmissions.

The Certification Authority would use a physically secure facility that is a "trusted center" having twenty-four-hour security, an alarm system, and "vaulted" construction. In view of its importance, a facility would advantageously include two-person controls, with no single person having access to key generating or key management systems. All personnel connected with the operations of cryptographic key management and transmission of electronic documents would have their trustworthiness evaluated in the surest ways possible, e.g., personal interviews, background checks, polygraphs, etc. Moreover, the Certification Authority management would implement procedures that prevent single-point failures, requiring collaboration for compromise to take place. In this way, one individual would be prevented from obtaining complete access to key generation and to key management.

Another aspect of Applicant's DAS authentication that is in contrast to prior systems is the utilization of an integrity block and a date and time "stamp" on each transmitted document. Suitable time and date stamps are those provided by systems described in U.S. Patents No. 5,136,646 and No. 5,136,647 to Stuart A. Haber and W.S. Stornetta, Jr., both of which are expressly incorporated here by reference, and commercially available from Surety Technologies, Inc. The integrity block, i.e., the digital signature, and the date and time stamp, which are applied by the Authentication Center, make any unauthorized alteration of or tampering with a document by the signatories subsequent to its original execution or sealing detectable. The Authentication Center's integrity block for a document received from a Transfer Agent is generated by computing a digest of the document with any of several known cryptographic hashing algorithms and signing that digest. This integrity block ensures that the document cannot be altered without detection. In addition, use of the digital signing algorithm by the Authentication Center can advantageously provide for non-repudiation, i.e., precluding the originator from disavowing the document. Applicant's combination of the integrity block, date and time stamp, and audit provide notice and evidence of any attempt at alteration or substitution, even by a document's originator when the alteration is attempted after origination.

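
What makes a date and time stamp evidence rather than an assertion is the linking described in the Haber-Stornetta patents cited above: each stamp commits to the stamp before it. The Python below is an added illustration of that linking, not the Surety product or code from this patent. Every entry's link hashes the previous link together with its sequence number, time and document digest, so substituting a document after the fact breaks the chain, and even an originator who rewrites that one entry to match the altered document still breaks every later link. Document texts, times and the field layout are constructed assumptions.

```python
import hashlib

GENESIS = b"\x00" * 32   # link value the first stamp chains to


def _link(prev, seq, time_iso, doc_digest):
    """Hash of length-prefixed fields, so no two field layouts can collide."""
    h = hashlib.sha256()
    for part in (prev, seq.to_bytes(8, "big"), time_iso.encode(), doc_digest):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class StampTrail:
    """The Authentication Center's append-only stamp log (constructed model)."""

    def __init__(self):
        self.entries = []

    def stamp(self, document, time_iso):
        prev = self.entries[-1]["link"] if self.entries else GENESIS
        seq = len(self.entries)
        digest = hashlib.sha256(document).digest()
        entry = {"seq": seq, "time": time_iso, "doc_digest": digest,
                 "link": _link(prev, seq, time_iso, digest)}
        self.entries.append(entry)
        return entry


def verify_trail(entries, documents):
    """Recompute the chain from the documents presented.  Returns the index of
    the first entry that fails, or None if every link checks out."""
    if len(entries) != len(documents):
        return min(len(entries), len(documents))
    prev = GENESIS
    for i, (entry, doc) in enumerate(zip(entries, documents)):
        digest = hashlib.sha256(doc).digest()
        link = _link(prev, i, entry["time"], digest)
        if entry["seq"] != i or entry["doc_digest"] != digest or entry["link"] != link:
            return i
        prev = link
    return None


def demo():
    docs = [b"Loan application (constructed)", b"Appraisal report (constructed)",
            b"Closing statement (constructed)"]
    trail = StampTrail()
    for i, doc in enumerate(docs):
        trail.stamp(doc, "1999-03-%02dT09:00:00Z" % (26 + i))
    # 1. The originator later swaps the appraisal for an altered one.
    swapped = list(docs)
    swapped[1] = b"Appraisal report (altered after stamping)"
    # 2. The originator also rewrites entry 1 so it matches the altered document.
    rewritten = [dict(e) for e in trail.entries]
    rewritten[1]["doc_digest"] = hashlib.sha256(swapped[1]).digest()
    rewritten[1]["link"] = _link(trail.entries[0]["link"], 1,
                                 rewritten[1]["time"], rewritten[1]["doc_digest"])
    return {"intact": verify_trail(trail.entries, docs),
            "substituted": verify_trail(trail.entries, swapped),
            "rewritten_entry": verify_trail(rewritten, swapped)}
```

In the third case the forged entry 1 verifies on its own, and the chain fails at entry 2, whose link was computed over the genuine entry 1. Rewriting the rest of the trail is only possible if no later link has been recorded anywhere else, which is exactly what the Authentication Center's protected copy of the trail prevents.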
In accordance with Applicant's invention, each transaction and its documents are authenticated by transmission to the Authentication Center from the Transfer Agent's terminal. As described below, the Transfer Agent provides the document in digital form, such as the output of a conventional word processor, to the Transfer Agent's Token. As an option, a device for digitizing a hand-written signature may also be provided and the digitized signature may be added to the digital document. The digital document is digitally signed and/or encrypted by the DAS Token, and the digitally signed and/or encrypted version is communicated to the Authentication Center electronically (e.g., by modem or computer network). Other ways of communicating the digitally signed or encrypted documents might be used (for example, dispatching a diskette containing the document), but the great advantage of electronic communication is speed.

The Authentication Center verifies the identity of the Transfer Agent and the authenticity of the documents, and appends a digital signature and a date and time stamp to the document, thereby establishing each transaction in a manner which cannot be repudiated. The combination of these functions, in conjunction with a protected audit trail, can be used at a future date to prove conclusively that a party initiated a transaction. In particular, Applicant's invention provides for authentication of a document in a way that prohibits an originator from denying that the document originated with that originator, and provides irrevocable proof of authenticity.
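
The round trip just described, from the Transfer Agent's Token through the Authentication Center to a party that later retrieves the document, is worth seeing end to end together with the public-key background given earlier and the authenticated information object laid out in the Summary (first party's signature and certificate, date and time stamp, repository certificate, repository signature). The Python below is an added example, not code from the patent or from any DAS product. It uses unpadded textbook RSA with a deliberately small, seeded key so that the public-key mechanics are visible; a real system would use padded RSA (PSS or PKCS#1 v1.5) or ECDSA on properly generated keys from a vetted library, X.509 certificates instead of the JSON stand-in here, and a trusted time source. All names, the certificate layout and the sample document are assumptions.

```python
import hashlib
import json
import random

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin; the 'finding large primes is easy' half of the principle."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # exact size, odd
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):  # textbook RSA: NOT secure (unpadded, toy key size)
    """Return ((e, n), (d, n)); recovering d from (e, n) means factoring n."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def sign(private, data):  # SHA-256 digest < 2**256 <= n, so it is a valid RSA input
    d, n = private
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(public, data, signature):
    e, n = public
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def _canon(obj):  # canonical bytes so signer and verifier hash identical input
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Certification Authority: bind identity and attributes to a key, sign the binding.
def issue_certificate(ca_private, subject, subject_public, attributes):
    body = {"subject": subject, "public_key": list(subject_public), "attributes": attributes}
    return {"body": body, "ca_signature": sign(ca_private, _canon(body))}

def certificate_valid(ca_public, cert):
    return verify(ca_public, _canon(cert["body"]), cert["ca_signature"])

# Transfer Agent's Token: sign the document; the certificate travels with it.
def agent_sign(agent_private, agent_cert, document):
    return {"document": document.hex(), "agent_certificate": agent_cert,
            "agent_signature": sign(agent_private, document)}

# Authentication Center: validate certificate and signature, then stamp and countersign.
def authenticate(ac_private, ac_cert, ca_public, submission, timestamp):
    cert = submission["agent_certificate"]
    if not certificate_valid(ca_public, cert):
        raise ValueError("agent certificate was not issued by the CA")
    if not verify(tuple(cert["body"]["public_key"]),
                  bytes.fromhex(submission["document"]), submission["agent_signature"]):
        raise ValueError("agent signature does not match the document")
    stamped = dict(submission, timestamp=timestamp, center_certificate=ac_cert)
    return dict(stamped, center_signature=sign(ac_private, _canon(stamped)))

def verify_authenticated_object(ca_public, obj):  # what any later retrieving party rechecks
    outer = {k: v for k, v in obj.items() if k != "center_signature"}
    ac_cert, ag_cert = obj["center_certificate"], obj["agent_certificate"]
    return (certificate_valid(ca_public, ac_cert)
            and verify(tuple(ac_cert["body"]["public_key"]), _canon(outer), obj["center_signature"])
            and certificate_valid(ca_public, ag_cert)
            and verify(tuple(ag_cert["body"]["public_key"]),
                       bytes.fromhex(obj["document"]), obj["agent_signature"]))

def demo():
    random.seed(1999)  # reproducible toy keys only; never seed real key generation
    ca_pub, ca_priv = generate_keypair()
    ag_pub, ag_priv = generate_keypair()
    ac_pub, ac_priv = generate_keypair()
    ag_cert = issue_certificate(ca_priv, "Transfer Agent: closing agent", ag_pub, {"max_value_usd": 500000})
    ac_cert = issue_certificate(ca_priv, "Authentication Center", ac_pub, {})
    document = b"Deed of trust (constructed sample document text)"
    obj = authenticate(ac_priv, ac_cert, ca_pub, agent_sign(ag_priv, ag_cert, document), "1999-03-26T10:00:00Z")
    rogue_pub, rogue_priv = generate_keypair()  # impostor whose certificate the CA never signed
    rogue = agent_sign(rogue_priv, issue_certificate(rogue_priv, "Impostor", rogue_pub, {}), document)
    try:
        authenticate(ac_priv, ac_cert, ca_pub, rogue, "1999-03-26T10:01:00Z")
        rogue_rejected = False
    except ValueError:
        rogue_rejected = True
    return {"valid": verify_authenticated_object(ca_pub, obj),
            "tampered_valid": verify_authenticated_object(
                ca_pub, dict(obj, document=b"Deed of trust (altered after stamping)".hex())),
            "rogue_rejected": rogue_rejected}
```

Two points carry over to a real deployment. The retrieving party needs only the Certification Authority's public key: both certificates and both signatures are inside the object, which is what lets the object be verified long after retrieval and by parties the Center never spoke to. And the Center countersigns the agent's signature and certificate together with the stamp, so the stamp cannot be moved to a different document or a different signer without invalidating the Center's signature.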

The authenticated, digitally signed and/or encrypted documents are stored by the third-party Authentication Center in any convenient form, such as on optical and/or magnetic disks. Once a transaction is completed and the digitally signed and/or encrypted document or documents are transmitted and authenticated by the Authentication Center, any authorized party can access the Authentication Center through an electronic device such as a modem to obtain or further transmit an authenticated document. All transmissions of electronic documents from the originator are made to the Authentication Center, which provides authentication as described above and stores the authenticated documents for transmission to and on behalf of authorized parties whose identities and policies are similarly authenticated by the Authentication Center. Authorization for access may be restricted to the level of a single document or group of documents.

In accordance with Applicant's invention, the DAS verifies and ensures that documents that have been transmitted, stored, or retrieved have not been accidentally or intentionally modified. The DAS can verify at any stage and at any time that a document is exactly, to the last bit, the document which was executed and transmitted by the originator and that the document has not been altered or impaired in any manner. This element of integrity combined with a digital signature and a date and time stamp enable the DAS to ensure that a document is not a fabrication, forgery, impersonation, or unauthorized replacement of a document originally executed or sealed by the document's originator.

Since originators of documents to be signed and/or encrypted, such as loan and mortgage documents, commercial paper and other securities, property deeds and leases, etc., should be able to execute their transactions from a variety of locations, the DAS moves the heart of the cryptographic process to a Token entrusted to a respective authorized Transfer Agent. This permits individual utilization of any DAS-enabled computer in any location that is networked or connected with the Authentication Center. As described above, the cryptographic cards and certificates are issued and monitored by the Certification Authority. Certificates are further controlled through the inclusion of an "expiration period" field (the X.509 validity period), which enables the periodic replacement if desired of the Transfer Agent certificates. It will be appreciated that certificates in accordance with X.509 include a plurality of such fields, but only those fields important to understanding the operation of the invention are described here.

FIG. 2 summarizes the functions of the DAS relating to document transmission authorization and protection. In the left column are the functions of a Transfer Agent's Token; in the center column are other functions carried out by the Transfer Agent's transmission device; and in the right column are functions of the DAS. FIG. 3 is a diagram illustrating interconnections among three Transfer Agent terminals and a server subsystem and backup subsystem in the Authentication Center in the DAS architecture. FIG. 4 is a block diagram of the functional interrelationship between a Transfer Agent and the Authentication Center.

The cryptographic card includes components, such as a microprocessor and electronic memory devices, for carrying out the steps of a PKC algorithm as well as a symmetric encryption algorithm such as DES. Also, the card should be tamper-resistant (no card is truly tamper-proof), which can be pursued by designing it to delete critical keys and/or algorithms upon any attempted penetration or alteration. The National Institute of Standards and Technology has been chartered to certify the authentication implementation of the cryptographic card suppliers that may be used by the DAS, e.g., through its cryptographic module validation program under FIPS PUB 140-1.

In accordance with Applicant's invention, each transaction and its documents are authenticated using a public key contained in the Transfer Agent's certificate. Privacy, signature, and/or integrity devices and software are commercially available from a number of sources, including RSA Data Security, Inc.; Public Key Partners; Surety Technologies, Inc.; Ascom Tech AG, Switzerland; National Semiconductor; Northern Telecom Ltd.; and Spyrus.

The Authentication Center makes use of its own private key to sign again the transaction in a manner that cannot be repudiated. The combination of the Transfer Agent's and Authentication Center's signatures (in conjunction with the physically protected audit trail) can be used at a future date to prove conclusively that an agent, employee, or firm (the Transfer Agent) initiated a specific transaction. In addition, a Notary Public support function is available for implementation as described below.

Employee or agent sign-on at the Transfer Agent's terminal is protected by the personal identification information and the cryptographic features of the cryptographic card held by that Transfer Agent. The combination of these controls uniquely identifies the agent or employee, thereby enabling the DAS. In addition, agent or employee authorization and attribute information may be stored in the certificates or Token memory in protected or sealed form as described above. The DAS uses this information in conjunction with the PIN to set privilege, access, volume and fund amount limits.

The DAS provides a distributed validation capability using a "signature"
that cannot be repudiated. The strategy uses PKC to reduce the key management
overhead and to provide a digital signature that cannot be repudiated for all
documents and transactions. Encryption is used to provide confidentiality
protection of the PIN and other transaction details as described above. These
control functions of the DAS are summarized in FIG. 5.

Additionally, the DAS is compatible with the full range of modern
distributed, and client/server transactional based applications. It operates
effectively in LAN, WAN, and dial-up networks. The DAS preferably utilizes
modern database tools, and thus the server can advantageously utilize relational
technology with a SQL interface (e.g., SYBASE).

As illustrated in FIG. 4, the originator of an electronic document or other
Transfer Agent may implement the DAS with a typical 486 desktop or laptop
computer having the DAS encryption subsystem (Token) installed and optionally
an electronic digital signature pad for hand-signed "execution" of the document. It
is not required for the function of the DAS to have a hand-signed instrument since
a digital signature on the document is sufficient. However, at this time, a typical
party in loan or other commercial transactions requires the comfort of receiving
laser-printed copies of documents which have been executed by hand. Other
components and software typically provided in the Transfer Agent terminal are a
communication subsystem for handling transmission of encrypted or digitally
signed documents to the Authentication Center by a modem telephone line or other
suitable communication link, a Token interface, a message handler, input/output
interface, and multimessage input application.

The Authentication Center is advantageously organized as a server
subsystem, a crypto backup subsystem, and storage. As part of the server
subsystem, which may be implemented with a 486 computer running under a
UNIX-type operating system, a terminal communication subsystem includes a
multiport controller (see also FIG. 3) that handles communications with the
Transfer Agent terminals. Also provided in the server subsystem are a
cryptographic key management subsystem, a backup subsystem, a relational
database management system, input/output (I/O), system administration, and audit
subsystem. A Token and backup communication subsystem interfaces with the
backup subsystem mentioned above that may be implemented as a 486 computer
running under a DOS-type operating system. A storage communication subsystem
interfaces with the document storage device or devices mentioned above.

The DAS also would permit a "Notary Public" type of secondary support
function. This would permit a third party present at the document's execution to
also have a cryptographic card which would "seal" the transaction for further
verification that the parties executing or sealing the document to be signed were in
fact the proper parties. This additional notary function is not required, but would
assist in the further authentication of the identities of the parties.

FIGs. 6a, 6b are diagrams illustrating a typical application of the DAS in
the mortgage finance industry with a title company/closing agent for the loan as a
Transfer Agent. In step 1, the Certification Authority completes code generation
and issues Tokens to authorized parties for transferring documents and
establishing legal evidence trails. The parties, who would generally not be
individuals but commercial and financial institutions such as a Bank/Mortgage
Co. and a Title Co./Closing Agent, would be equipped to transmit and receive
documents electronically. In step 2, a Bank/Mortgage Co. loads and
electronically transmits loan documents to the Authentication Center, which
forwards them to a Title Co./Closing Agent after adding integrity blocks and date
and time stamps. In step 3, the Authentication Center transmits the authenticated
loan documents to the Title Co./Closing Agent.

In step 4, the Title Co./Closing Agent has the documents executed by
digitized autograph signature by a Homebuyer/Homeowner. In step 5, the
Title Co./Closing Agent provides the Homeowner/Homebuyer with "hard copies" of
the signed documents. In step 6, the Title Co./Closing Agent transmits the
documents to the Authentication Center, which adds the integrity blocks and date
and time stamps to the executed documents, forwards the documents to the
Bank/Mortgage Co., and stores the documents. Whenever the Bank/Mortgage
Co. needs copies of the authentic documents, they can be retrieved on-line from
Authentication Center storage.

In step 7, the Bank/Mortgage Co. directs that the authentic documents be
transferred by the Authentication Center to a secondary-market Mortgage
Bank/Investor. In step 8, whenever the Investor needs authentic documents, they
can be retrieved on-line from the Authentication Center.

FIG. 7 further illustrates an example of Applicant's document certification
process. In the first step, an electronic document is designed, or drafted, that
reflects the agreement of parties, such as a manufacturing operation depicted by
the factory in FIG. 7. The electronic document is provided to a Transfer Agent's
terminal, which is illustrated as a portable computer having an authorized Token
and, optionally, a stylus pad for capturing hand-written signatures. A typical
configuration for a Transfer Agent's terminal is at least the computational
equivalent of a 386 desktop or laptop computer, with high resolution graphics, a
PC Token reader, and a stylus pad for capturing hand-written signatures. As
shown in FIG. 7, the electronic document, which may be created locally or
remotely, is displayed on this terminal.
In the second step, the parties to the agreement execute their hand-written
signatures on the document using the stylus pad. These signatures are captured
and inserted in appropriate locations in the electronic document. After all parties
have signed the document, the Transfer Agent certifies the completion of the
document's execution by invoking his or her digital signature and appending his or
her certificate, using the Token.

If an original paper document were desired, the electronic document would
be printed first. The paper document would then be placed on the stylus pad and
the terminal's cursor positioned to the corresponding place in the electronic
document. This permits the capture and transfer of hand-written signatures during
the actual signing of the paper document. The electronic version is then an exact
duplicate of the paper document.

After local certification, the Transfer Agent transmits the electronic
document to the Authentication Center in the third step of the process. The
Authentication Center preferably includes a high-volume utility server computer,
having substantial storage capacity and backup capability, and is a secure and
highly assured facility. The Authentication Center contains a separate digital
signature capability, one or more Tokens, and an accurate time base.

When an electronic document is received, the authenticity and rights of the
Transfer Agent are validated by the Authentication Center (step 4). If
authenticated, the electronic document is time- and date-stamped (step 5), digitally
signed (step 6), journaled (step 7), and stored by the Authentication Center.
Certified copies of the electronic document may then be distributed according to
instructions from an appropriate party, such as the holder of a beneficial interest
(owner) designated by the document.

The Authentication Center maintains the electronic document and a log, or 
history, of all transactions, such as requests for copies, etc., related to it. It will 
be appreciated that the log is useful for many management functions that 
contribute to the usefulness of the system. For example, the log facilitates 
identifying subsequent electronic submissions related to a transaction and 
contributes to liability limitation for the Authentication Center. Also, the log is 
useful as evidence of the document's chain of custody. 

The Authentication Center also controls access to the document in 
accordance with authorization instructions provided by the owner of the document. 
Such authorization instructions would be updated or revised in conformance with 
changes (e.g., assignments) in the document's ownership. 

FIG. 8 illustrates the process of digitally signing an electronic document,
depicted more generally as an "information object", by application of a hash
function. In general, a hash function is a one-way cryptographic function
that is computed over the length of the information object to be protected. The
hash function produces a "message digest" in such a way that it is computationally
infeasible to find two different information objects that produce the same message
digest. Since a different message digest is produced if even one bit of the
information object is changed, the hash function is a strong integrity check.

In accordance with the invention, the message digest is encrypted using the
signatory's secret key, thereby producing the signatory's digital signature. The
combination of hashing and encryption in this way ensures the system's integrity
(i.e., the ability to detect modification) and attribution capability (i.e., the ability to
identify a signatory, or responsible party). The digital signature (the encrypted
message digest) is appended to the readable information object (see steps 2 and 6
depicted in FIG. 7).
Of the many different hash functions that are known, it is currently
believed that those designated MD4 and MD5, which are embodied in circuits
commercially available from vendors identified above, and the U.S. government's
published secure hash algorithm are suitably robust for use in Applicant's DAS.
Of course, other hash functions can be expected to become available as time
passes. (Practical collision attacks have since been published against both MD4
and MD5, so neither is acceptable for new digital signatures; the SHA-2 family is
the current choice.)

The steps of digitally signing an electronic document (steps 2 and 6
depicted in FIG. 7) and validating the digital signatures (step 4 in FIG. 7) are
further illustrated in FIG. 9. The electronic document has appended to it one or
more digital signatures, which are created by using a signature algorithm and the
secret key(s) of the signatory(s) as described in connection with FIG. 8, and the
certificate(s) of the signatory(s). As described above, each such certificate
conveys the identity of the signatory, the signatory's public signature/verification
key, predetermined collateral information about the signatory, and the digitally
signed message digest of the certificate. The format of these pertinent parts of
such a certificate in accordance with the X.509 Recommendation that would be
employed by a user or the Certification Authority is illustrated in FIG. 10.

The signature validation step, which would normally but not necessarily be
carried out by the Authentication Center, comprises decrypting the message digest
appended to the document, re-hashing the document to generate another message
digest, and comparing the resulting message digest to the decrypted message
digest. The public signature/verification key found in the certificate signed by the
Certification Authority and appended to the document is used for decrypting the
appended message digest. If the two message digest values agree, the identity of
the individual named in the certificate can be asserted as the signatory of the
document, or other information object, and the integrity of the document is
confirmed and guaranteed. An Authentication Center attests to this result by itself
digitally signing the document.
As shown in FIG. 11, a certificate of a user (Transfer Agent) or even of a
Certification Authority is preferably digitally signed in substantially the same way
that electronic documents are digitally signed, except that such a certificate is
signed by authorities specifically empowered to create certificates. Validation of a
document's digital signatures includes validation of the public signatures of all
Certification Authorities in a path between the signatory and a Root Authority,
which is the most superior Certification Authority. The signatures of these
Certification Authorities are loaded in the signatory's Token and appended to
documents prepared with that Token.

As illustrated by FIG. 12, the path from the signatory to the Root
Authority may be considered part of an authentication tree. The signatory's
(user's) certificate is digitally signed by a Certification Authority whose own
certificate (the CA Certificate) is signed by the Root Certification Authority.
Since there is likely to be a plurality of Certification Authorities located on
different branches of the authentication tree, a verifier authenticating the digital
signature of an entity on a different branch need only retrieve the Certification
Authority certificates along both branches until a common node is encountered,
and verify the authenticity of the certificates up to that common node.

It can be seen from the description above that Applicants' invention is
useful in a wide variety of commercial and other transactions. For example,
transfers of stored authenticated information objects according to suitable
instructions can occur "internally" (without retrieving a stored object) or
"externally" (by retrieving an object and providing it to another). Also,
establishment of a verifiable evidence trail, or chain of custody, by date and time
stamping an object, signing with another digital signature, appending another
certificate, and storing the resulting object are described. Accordingly,
Applicants' invention enables sales, assignments, and other ownership transfers of
authenticated information objects, which may have intrinsic value, like electronic
artistic works, as well as extrinsic value, like notes and securities.

It will be appreciated that Applicants' invention is not limited to such
scenarios, however, but rather also enables a wide variety of transactions,
including, for just one example, contract formation by an authenticated offer (an
information object) that may be retrieved or distributed to one or more entities
according to suitable instructions from the owner of the information object. An
entity's acceptance or counter-offer, as well as a final agreement, can be
information objects that would be subsequently received in relation to the
transaction of contract formation. It may be noted that the originator of an
information object may be the entity that digitally signs and appends a certificate
to the information object.

Such scenarios benefit substantially from Applicants' systems and methods
that implement PKC for the registration and transfer of ownership of stored
original authenticated electronic records or objects. A trusted third party, the
Authentication Center, performs the storage, custodial, and registry functions for
the benefit of the owner of the electronic record. Applicants' systems and
methods make it possible to establish ownership of electronic records, and to
provide irrefutable proof when a transfer of ownership takes place. This supports
stranger-to-stranger transfers, which in the following example involves three steps
(an offer, an acceptance, and a record of transfer) that are independently
performed by the offer's owner, the offer's recipient, and the trusted third party,
respectively. In accordance with Applicants' invention, a document's current
owner, the owner's offer to one or more potential buyers, and the acceptance of
the offer by a buyer(s) are identified, and a chronicle evidencing the transfer is
created. From this example, the withdrawal of an offer anytime prior to its
acceptance and the transfer of the record can also be seen.
To begin this example, an information object, be it a document, negotiable
instrument, or other valuated object, would be under the control of the
Authentication Center, and a first party wishes to transfer the authenticated object
to a second party. The first party would propose to transfer the authenticated
object to the second party by retrieving the authenticated object from the trusted
repository, attaching instructions to the authenticated object, and transmitting the
object and instructions/terms of transfer to the second party by a secure
transmission means. Traditional paper transfers would use transmission means
such as a courier or registered mail. Since the information object in this example
is electronic and is protected by the methods and apparatus described in this
application, secure electronic means could be used to transmit the object and its
instructions; for example, these electronic means could include the first party's
applying a digital signature to the authenticated object and the associated
instructions.

The second party would receive the transmitted authenticated object and
instructions, and might decide to accept the offer. The second party could then
present the accepted offer/object and instructions to the Authentication Center
(trusted repository), which would effect transfer of ownership of the document as
instructed. Alternatively, the second party could communicate its acceptance of
the offer to the first party, who would then transfer this acceptance in the form of
instructions to the repository to assign ownership of the object to the second party.
In either case, the actual transfer or assignment of ownership would occur at the
trusted repository, which would validate the digital signature of the new owner
(the second party) on the object, apply a date and time stamp, and sign all of this
with its own digital signature. Of course, the terms of transfer from the first party
to the second party (instructions) might provide for rescission of the offer by the
first party at any time or subsequent to a specified time, in which case the first
party could rescind the offer by instructing the repository to assign ownership of
the object to the first party itself, in effect simply replacing the first party's prior
ownership with a "new" ownership by the first party.

The preceding example can be expressed more economically for the
symbolically inclined as follows:

Offer from B to C: $S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_c, \text{Qual})$

Acceptance C to TR: $S_c(S_a(\text{Object})),\ S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_c, \text{Qual})$

Alternative acceptance: $S_c(S_c(S_a(\text{Object})), S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_c, \text{Qual}))$

Transfer by TR to B and C: $S'_{TR}(S_c(S_a(\text{Object})))$

where (Object) is, e.g., a document, fax, graphic, certificate, promissory note,
etc.; Cert is irrefutable proof of user identity when used with the corresponding
secret key (e.g., an X.509 certificate); TR is the Trusted Repository, which is the
object record keeper and registry, controlling the object on behalf of the object's
owner; $S_a$ is the originator of a secured object; $S_b$ is the first party to obtain
ownership of the secured object; $S_c$ is the second party, potential new owner of the
secured object; $S$ is a digital signature; $S'$ is the digital signature and time stamp
of the TR; $S_a(\text{Object})$ is the object signed by A; $S_b(S_a(\text{Object}))$ is the
authenticated (secured) object; $S'_{TR}(S_b(S_a(\text{Object})))$ is the authenticated object
stored by TR; and Qual represents the qualifications or instructions on the offer
that may govern TR's actions (e.g., accept the first received response, accept the
highest response, accept a response greater than an amount, response closing
date). For counter-offers, Qual might take the form of, for example, accept
contingent on, after date, bid, etc.

The signed object $S_a(\text{Object})$ is created by $S_a$; its ownership by $S_b$
is denoted by $S_b(S_a(\text{Object}))$. $S_b$ sends the signed object to TR, which creates
$S'_{TR}(S_b(S_a(\text{Object})))$, the authenticated object. The TR records, registers, and
controls $S'_{TR}(S_b(S_a(\text{Object})))$, which becomes the responsibility of the TR. $S_b$
makes the offer to $S_c$, which is denoted $S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_c, \text{Qual})$,
where the inclusion of $\text{Cert}_c$ indicates the intended recipient(s) of the offer and
the inclusion of the instructions Qual defines terms that must be enforced by the TR.
$S_c$ accepts the offer by re-signing $S_a(\text{Object})$, thereby creating $S_c(S_a(\text{Object}))$,
which together with $S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_c, \text{Qual})$ is transmitted to
the TR to initiate transfer of ownership. The TR validates the offer and determines
whether Qual is satisfied. If both checks pass, the TR time-stamps and signs the offer
and acceptance, effecting the transfer by creating $S'_{TR}(S_c(S_a(\text{Object})))$, and for
audit purposes the TR creates $S'_{TR}(S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_b, \text{Qual}))$.
The TR records, registers, and controls $S'_{TR}(S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_b, \text{Qual}))$
and $S'_{TR}(S_c(S_a(\text{Object})))$. Transfer is completed and acknowledged by transmitting
$S'_{TR}(S_c(S_a(\text{Object})))$ to both $S_b$ and $S_c$.

The rescission of an offer can be expressed symbolically as follows:

$S_b$ rescinds offer, B to TR: $S_b(S_a(\text{Object})),\ S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_b, \text{Qual})$

and multiple offers B to C, D, etc. can be expressed symbolically as:

$S_b(S_a(\text{Object})),\ S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_c, \text{Cert}_d, \text{Qual})$

and counter offers C to B can be expressed as:

$S_c(S_b(S'_{TR}(S_b(S_a(\text{Object}))), \text{Cert}_c, \text{Qual}), \text{Counter Offer})$
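The exchange written out in words and symbols above, as an added example (not the patent's code) of the checks a Trusted Repository has to make before it effects a transfer: that the offer refers to the authenticated object it currently holds, that it was signed by the current owner, that the acceptor is one of the recipients named by Cert, that the acceptance re-signs the same $S_a(\text{Object})$, and that Qual is satisfied; a rescission is the same call with the owner accepting its own offer to itself, and a stale offer fails because the registry entry it names has been superseded. To keep the block short each signature $S_x(\ldots)$ is a keyed hash over canonical JSON with a per-party secret, an HMAC stand-in that the TR can check only because it holds every party's secret; the patent uses public-key signatures, which is what gives the record its non-repudiation. The party names and secrets, the `bid` field on an acceptance, the Qual keys `minimum` and `closing`, the journal sequence number and the clock values are assumptions made for the example.

```python
# Added example, not the patent's code: a toy Trusted Repository enforcing the offer /
# acceptance / transfer / rescission exchange set out symbolically above. Signatures are
# an HMAC stand-in over canonical JSON (per-party secrets held by the TR), NOT the
# public-key signatures the patent relies on; names, secrets, amounts and clock values
# are constructed for the example.
import hmac
import json

SECRETS = {"A": b"a-key", "B": b"b-key", "C": b"c-key", "D": b"d-key", "TR": b"tr-key"}

def _tag(signer, body):
    return hmac.new(SECRETS[signer], json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()

def S(signer, payload, **extra):
    """S_signer(payload, ...): a signed envelope; the tag covers every field, nested envelopes included."""
    body = {"signer": signer, "payload": payload, **extra}
    return {**body, "sig": _tag(signer, body)}

def valid(env):
    body = {k: v for k, v in env.items() if k != "sig"}
    return hmac.compare_digest(_tag(env["signer"], body), env["sig"])

class TrustedRepository:
    def __init__(self, now):
        self.now, self.seq = now, 0
        self.registry = {}        # object id -> S'_TR(S_owner(S_a(Object))), the authenticated object
        self.audit = []           # S'_TR(offer) for every offer acted on

    def stamp(self, env):
        """S'_TR(env): the TR's signature with a date/time stamp and a journal sequence number."""
        self.seq += 1
        return S("TR", env, timestamp=self.now, seq=self.seq)

    def register(self, owned):
        """owned = S_b(S_a(Object)): validate both signatures, store and return S'_TR(S_b(S_a(Object)))."""
        if not (valid(owned) and valid(owned["payload"])):
            raise ValueError("invalid signature on submitted object")
        self.registry[owned["payload"]["sig"]] = self.stamp(owned)     # the tag of S_a(Object) is the object id
        return self.registry[owned["payload"]["sig"]]

    def transfer(self, acceptance, offer):
        """acceptance = S_c(S_a(Object), bid=...); offer = S_b(S'_TR(S_b(S_a(Object))), cert=[...], qual={...}).
        Rescission is the same call with B accepting its own offer to itself (cert=["B"])."""
        stored = offer["payload"]
        sa_object = stored["payload"]["payload"]
        if not (valid(offer) and valid(acceptance)):
            raise ValueError("invalid signature on offer or acceptance")
        if self.registry.get(sa_object["sig"]) != stored:
            raise ValueError("offer does not match the current authenticated object")
        if offer["signer"] != stored["payload"]["signer"]:
            raise ValueError("offer not signed by the current owner")
        if acceptance["signer"] not in offer["cert"]:
            raise ValueError("acceptor is not a recipient named in the offer")
        if acceptance["payload"] != sa_object:
            raise ValueError("acceptance does not re-sign the same S_a(Object)")
        if self.now > offer["qual"].get("closing", self.now):
            raise ValueError("offer closed")
        if acceptance.get("bid", 0) < offer["qual"].get("minimum", 0):
            raise ValueError("response below the minimum amount in Qual")
        self.registry[sa_object["sig"]] = self.stamp(acceptance)        # S'_TR(S_c(S_a(Object)))
        self.audit.append(self.stamp(offer))                            # S'_TR(S_b(S'_TR(...), Cert, Qual))
        return self.registry[sa_object["sig"]]                          # acknowledged to both B and C

def attempt(tr, acceptance, offer):
    try:
        return "owner=" + tr.transfer(acceptance, offer)["payload"]["signer"]
    except ValueError as err:
        return str(err)

def scenario():
    """A originates, B owns and offers to C and D (minimum 50,000, closing at t=200); the first
    qualifying acceptance wins; a second object is rescinded; C's later offer misses its closing date."""
    tr = TrustedRepository(now=100)
    sa = S("A", "promissory note 1 (constructed)")                     # S_a(Object)
    stored = tr.register(S("B", sa))                                    # S'_TR(S_b(S_a(Object)))
    offer = S("B", stored, cert=["C", "D"], qual={"minimum": 50_000, "closing": 200})
    out = {"low_bid": attempt(tr, S("D", sa, bid=40_000), offer),
           "transfer": attempt(tr, S("C", sa, bid=60_000), offer),
           "second": attempt(tr, S("D", sa, bid=70_000), offer)}      # stale: the registry has moved on
    sa2 = S("A", "promissory note 2 (constructed)")
    stored2 = tr.register(S("B", sa2))
    open_offer = S("B", stored2, cert=["C"], qual={})
    out["rescind"] = attempt(tr, S("B", sa2), S("B", stored2, cert=["B"], qual={}))
    out["after_rescind"] = attempt(tr, S("C", sa2), open_offer)
    tr.now = 300
    late = S("C", tr.registry[sa["sig"]], cert=["D"], qual={"closing": 250})
    out["late"] = attempt(tr, S("D", sa, bid=90_000), late)
    return out
```

A counter-offer in this model is simply `S("C", offer, counter_offer={...})` sent back to B rather than to the repository; B then issues a fresh offer whose Qual reflects the agreed terms. The sequence number on every `stamp()` is what makes a rescission distinguishable from the original registration even when the clock has not advanced: the superseded record differs, so the open offer that named it no longer matches and is refused.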

The preceding example that has been presented in words and in symbols is
just one of many specific applications of Applicants' invention that each have their
own particular advantages. It will be understood, for example, that transactions
involving a plurality of strangers, e.g., a stranger-to-stranger-to-stranger transfer,
can easily be carried out by sequentially repeating the preceding example, once for
each pair of strangers.

It will also be understood that the instructions can direct a transaction along
many different paths and that instructions may come from a variety of entities,
including the owner of an information object, an owner-designated custodian of an
information object, or another agent. Instructions may be tiered by an electronic
agent, which is generally understood to be a computer program or other automated
process that can interpret instructions and act on them for a predictable end.
Tiered instructions would have levels of response and decision making, such as if
X (a second party) does not respond to an offer within a specified time period,
then transmit the offer to Y (another second party), and if Y does not respond
within another specified time period, then return the offer to the offeror (the first
party).

For example, the instructions can permit a second party to accept some (or
all) of a set of authenticated information objects, such as a set of titles to a fleet of
vehicles, or to accept specified portions of one or more objects in the set.
Applicants' invention thus can provide asset- or risk-sharing or other forms of
syndicated transactions; the instructions would permit other second parties to
accept some or all of the remaining object or objects. This form of transaction
might be useful in contexts, such as re-insurance, where it is desirable for one
party, such as a primary insurer, to spread the cost or risk associated with an
information object among several other parties, such as one or more re-insurers.
Similarly, the instructions could permit a second party to "oversubscribe" to a first
party's offer when the first party had one or more other "first parties" willing to
provide the amount of the oversubscription. This form of transaction also might
be useful in cost/risk management contexts like insurance, where a second party
seeks to accept an object "greater" than the object offered by the first party.

The features of the trusted repository that are described above permit the
execution of transactions with the advantages of Applicants' invention. One form
of trusted repository that is currently believed to be particularly advantageous may
be called a "Trusted Custodial Utility". Such a Trusted Custodial Utility ("TCU")
implements defined business rules for the transactions handled by the TCU (i.e., a
complete set of authorized actions). The TCU also implements a defined security
policy (i.e., a set of protective measures that is necessary to prevent unauthorized
actions). The TCU uses its business rules and security policy to govern
transaction requests and access to the repository over the life cycle of all
documents within its control, verifying the identities and authorities of parties
(local and remote) requesting repository services. The TCU securely stores and
securely retrieves digitally signed, authenticated, and encrypted electronic
documents or information objects. Upon request, the TCU prints and issues
certified documents.

The TCU advantageously supports a multi-port token server for proving
document authenticity, for verifying the identities of signing parties, and for
authenticating (date- and time-stamping, and resealing) document submissions.
The TCU provides for backup and disaster recovery, and ensures that stored
information is not lost within a specified retention period, whether that period is
specified by a user, law, or regulation.

As described above, Applicants' invention provides for a verifiable chain of
custody that can be useful for many purposes besides simply indicating the
provenance or pedigree of a document or object. For example, governmental
entities might use a chain of custody to help compute and collect taxes or other
levies. The TCU provides such an evidence trail by receiving an original executed
or signed document and verifying the identity of the signer and the authenticity of
documents received. The TCU retrieves certificate revocation lists ("CRLs")
from a directory, checks the CRL for Certificate validity, and checks the
expiration date of the Certificate. The TCU then generates date and time stamps
for the document received, and provides an integrity block that ensures that the
document cannot be altered without detection. The integrity block is provided
using a digital signature algorithm to provide for non-repudiation, i.e., the ability
to prove the identity of the document's originator and the identity of the
authentication center. The evidence trail uses the integrity block and date and time
stamps to provide notice and evidence of any alteration efforts, even by a
document's originator, if alteration is attempted after origination.

As noted above, certified documents advantageously can be printed or 
otherwise reduced to "hard copy" and issued by the trusted repository in response 
to a suitable instruction. It is currently believed to be preferable for the repository 
to apply to the hard copy some form of indicium or legend that is resistant to 
forgery or unauthorized imitation, such as a watermark, hologram, or similar, that 
would signify the repository's "certification" of the document. This is one way in 
which a user could withdraw its records from the repository, whether permanently 
or temporarily. 

It will be noted that the present description and drawings are illustrative 
only and that one of ordinary skill in the art would recognize that various 
modifications could be made without departing from the spirit or scope of the 
present invention which is to be limited only by the following claims. This 
application hereby incorporates by reference U.S. Patents No. 5,748,738 to 
Bisbee et al. and No. 5,615,268 to Bisbee et al. 
WHAT IS CLAIMED IS:

1. A method of executing a transaction by transferring authenticated
information objects having respective verifiable evidence trails, comprising the
steps of:

retrieving, by a first party from a trusted repository, an authenticated
information object, wherein the authenticated information object includes a first
digital signature of the first party, a first certificate relating at least an identity and
a cryptographic key to the first party, date and time stamps and a certificate
applied by the trusted repository, and a digital signature of the trusted repository;
the first digital signature and first certificate have been validated by the trusted
repository; the certificate relates at least an identity and a cryptographic key to the
trusted repository; and the authenticated information object has been stored under
the control of the trusted repository;

attaching instructions to the retrieved authenticated object;

transmitting the retrieved authenticated object and the attached instructions
to a second party;

receiving, by the second party, the transmitted retrieved authenticated
object and attached instructions;

presenting, by the second party to the trusted repository, the received
transmitted retrieved authenticated object and attached instructions; and

executing the transaction according to the instructions presented to the
trusted repository.

2. The method of claim 1, wherein the instructions cause the trusted 
repository to transfer ownership of the authenticated information object from the 
first party to the second party. 
3. The method of claim 2, wherein the trusted repository validates a
digital signature of the second party included with the presented object, applies
date and time stamps to the presented object, and signs the stamped presented
object with its digital signature.

4. The method of claim 1, wherein the first party applies a digital
signature to the retrieved authenticated object and the instructions before they are
transmitted to the second party.

5. The method of claim 1, wherein the retrieved authenticated object and
the attached instructions are transmitted by the trusted repository to each of a
plurality of second parties in accordance with the attached instructions.

6. The method of claim 5, wherein the attached instructions cause the
trusted repository to take at least one of the following actions: accept a first-
received response, accept a greatest-value response, accept a response greater than
an amount, and accept a response presented before a closing date.

7. The method of claim 1, wherein the instructions provide a syndicated
transaction.

8. A method of executing a transaction by transferring authenticated 
information objects having respective verifiable evidence trails, comprising the 
steps of: 

retrieving, by a first party from a trusted repository, an authenticated 
information object, wherein the authenticated information object includes a first 
digital signature of the first party, a first certificate relating at least an identity and 
a cryptographic key to the first party, date and time stamps and a certificate 
applied by the trusted repository, and a digital signature of the trusted repository; 
the first digital signature and first certificate have been validated by the trusted 
repository; the certificate relates at least an identity and a cryptographic key to the 
trusted repository; and the authenticated information object has been stored under 
the control of the trusted repository; 

attaching first instructions to the retrieved authenticated object; 

transmitting the retrieved authenticated object and the first instructions to a 
second party; 

receiving, by the second party, the transmitted retrieved authenticated 
object and first instructions; 

communicating, by the second party to the first party, a response to the 
received transmitted retrieved authenticated object and first instructions; 

sending second instructions from the first party to the trusted repository; 

and 

executing the transaction according to the second instructions. 

9. The method of claim 8, wherein the instructions cause the trusted 
repository to transfer ownership of the authenticated information object from the 
first party to the second party. 

10. The method of claim 8, wherein the first party applies a digital 
signature to the retrieved authenticated object and the instructions before they are 
transmitted to the second party. 

11. The method of claim 8, wherein the first and second instructions 
provide a syndicated transaction. 
FIG. 6b 

DOCUMENT AUTHENTICATION SYSTEM 
LOAN TRANSACTION 

Chart Steps 



Step 1. Complete Certification Authority code generation and 
card issuing to parties transferring the documents 
establishing legal evidence trail. Equip parties to 
transmit and receive documents 

Step 2. Bank/Mortgage Co. loads and electronically transmits 
documents to Authentication Center which forwards 
to Title Co./ Closing Agent 

Step 3. Authentication Center transmits documents to Title 
Co./ Closing Agent 

Step 4. Title Co./ Closing Agent has documents executed 
by digital signature by Homebuyer/ Homeowner 

Step 5. Title Co./ Closing Agent provides Homeowner/ Homebuyer 
with "Hard Copy" of signed documents 

Step 6. Title Co./ Closing Agent transmits documents to 
Authentication Center which dates and time 
stamps the executed documents and forwards 
documents to Bank/ Mortgage Co. 

• Whenever Bank/ Mortgage Co. needs 
authentic documents, can retrieve on-line 
from Authentication Center storage 

Step 7. Bank/ Mortgage Co. directs authentic documents to be 
transferred by Authentication Authority to secondary 
market investor 

Step 8. Whenever investor needs authentic documents, 
can retrieve on-line from Authentication Center 

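The chart steps above and claims 3, 4 and 8 together describe one protocol: a Certification Authority binds identities to keys, the Authentication Center (the claims' trusted repository) validates an originator's signature and certificate, applies date and time stamps, attaches its own certificate and signature, stores the object, and later re-validates, re-stamps and re-signs when the owner of record directs a transfer to a second party who presents the object with its own signature. The following Python is an added illustration of that evidence trail and is not code from the patent. It assumes a textbook Schnorr signature over the RFC 2409 Oakley Group 1 modulus purely to stay dependency-free (the patent names no scheme; a deployment would use Ed25519 or RSA-PSS), and the party names, document content, object identifiers and the tick counter standing in for a trusted clock are all constructed.

```python
import hashlib
import json
import secrets
# Assumption: textbook Schnorr over RFC 2409 Oakley Group 1 (768-bit safe prime, p = 2q + 1), used only
# to stay dependency-free; the patent names no signature scheme, and a deployment would use Ed25519/RSA.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 4  # Q: prime order of the quadratic-residue subgroup; G = 2**2 generates it

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _e(r, msg):  # Fiat-Shamir challenge, folded into the exponent group
    return int.from_bytes(hashlib.sha256(r.to_bytes(96, "big") + msg).digest(), "big") % Q

def sign(x, msg):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return [r, (k + x * _e(r, msg)) % Q]

def verify(y, msg, sig):
    r, s = sig
    return 1 < r < P and 0 <= s < Q and pow(G, s, P) == r * pow(y, _e(r, msg), P) % P

def canon(d):  # canonical bytes, so signer and verifier hash identical input
    return json.dumps(d, sort_keys=True, separators=(",", ":")).encode()

class CertificationAuthority:  # binds an identity to a key: the patent's Certification Authority
    def __init__(self):
        self.sk, self.pk = keygen()
    def issue(self, subject, pk):
        return {"subject": subject, "key": pk, "ca_sig": sign(self.sk, canon({"subject": subject, "key": pk}))}
    def validate(self, cert):
        return verify(self.pk, canon({"subject": cert["subject"], "key": cert["key"]}), cert["ca_sig"])

class TrustedRepository:  # the Authentication Center: validates, stamps, signs, stores and transfers
    def __init__(self, ca):
        self.ca, self.store, self.ticks = ca, {}, 0  # ticks stand in for a trusted clock (constructed)
        self.sk, pk = keygen()
        self.cert = ca.issue("trusted-repository", pk)
    def _seal(self, layer):  # date/time stamp + repository certificate + repository signature
        self.ticks += 1
        sealed = {**layer, "stamp": self.ticks, "repo_cert": self.cert}
        return {**sealed, "repo_sig": sign(self.sk, canon(sealed))}
    def submit(self, content, cert, owner_sig):  # claim 8 preamble: validate, then seal and store
        if not (self.ca.validate(cert) and verify(cert["key"], canon(content), owner_sig)):
            raise ValueError("submission rejected: owner signature or certificate invalid")
        obj_id = hashlib.sha256(canon(content)).hexdigest()[:16]
        self.store[obj_id] = self._seal({"id": obj_id, "content": content, "owner_cert": cert, "owner_sig": owner_sig})
        return obj_id
    def retrieve(self, obj_id, requester):  # here only the owner of record counts as an authorized party
        obj = self.store[obj_id]
        if obj["owner_cert"]["subject"] != requester:
            raise PermissionError(f"{requester} does not own {obj_id}")
        return obj
    def transfer(self, presentation):
        # Claims 2-4: owner signed object+instructions (sender_sig); second party presents that package under
        # its own signature; the repository checks both, refuses stale copies, then stamps and re-signs.
        pkg, pcert, psig = presentation["package"], presentation["presenter_cert"], presentation["presenter_sig"]
        obj, instr = pkg["object"], pkg["instructions"]
        if obj != self.store.get(obj["id"]) or not verify(
                obj["owner_cert"]["key"], canon({"object": obj, "instructions": instr}), pkg["sender_sig"]):
            raise ValueError("object is stale or its instructions were not signed by the owner of record")
        if not (self.ca.validate(pcert) and verify(pcert["key"], canon(pkg), psig)
                and instr.get("transfer_to") == pcert["subject"]):
            raise ValueError("second party's signature or certificate invalid, or not the named transferee")
        self.store[obj["id"]] = self._seal({"id": obj["id"], "content": obj["content"],
                                            "owner_cert": pcert, "owner_sig": psig, "prior": pkg})
        return self.store[obj["id"]]
    def is_authentic(self, obj):  # walk the evidence trail back to the original submission
        body = {k: v for k, v in obj.items() if k != "repo_sig"}
        if not (self.ca.validate(obj["repo_cert"]) and self.ca.validate(obj["owner_cert"])
                and verify(obj["repo_cert"]["key"], canon(body), obj["repo_sig"])):
            return False
        if "prior" not in obj:  # original submission: the owner signed the content itself
            return verify(obj["owner_cert"]["key"], canon(obj["content"]), obj["owner_sig"])
        p = obj["prior"]        # transfer: new owner signed the package, old owner signed the instructions
        return (verify(obj["owner_cert"]["key"], canon(p), obj["owner_sig"]) and self.is_authentic(p["object"])
                and verify(p["object"]["owner_cert"]["key"],
                           canon({"object": p["object"], "instructions": p["instructions"]}), p["sender_sig"]))

def run_loan_transfer():  # FIG. 6b Steps 6-8 with constructed parties: lender submits a note, then transfers it
    ca = CertificationAuthority()
    repo = TrustedRepository(ca)
    (lender_sk, lender_pk), (investor_sk, investor_pk) = keygen(), keygen()
    lender_cert, investor_cert = ca.issue("bank", lender_pk), ca.issue("investor", investor_pk)
    note = {"type": "promissory note", "amount": 250000, "borrower": "homebuyer"}  # constructed content
    obj_id = repo.submit(note, lender_cert, sign(lender_sk, canon(note)))
    pkg = {"object": repo.retrieve(obj_id, "bank"), "instructions": {"transfer_to": "investor"}}
    pkg["sender_sig"] = sign(lender_sk, canon(pkg))                                       # claim 4
    presentation = {"package": pkg, "presenter_cert": investor_cert,
                    "presenter_sig": sign(investor_sk, canon(pkg))}                      # claims 1 and 3
    new_obj = repo.transfer(presentation)
    try:
        repo.transfer(presentation)  # replaying the now-stale package must be refused
        replay_refused = False
    except ValueError:
        replay_refused = True
    return {"new_owner": new_obj["owner_cert"]["subject"], "authentic": repo.is_authentic(new_obj),
            "tamper_detected": not repo.is_authentic({**new_obj, "content": {**note, "amount": 1}}),
            "replay_refused": replay_refused}
```

Two points the claims leave implicit are made explicit here: the repository only accepts a presented object that byte-for-byte matches what it currently holds, so a package signed before an earlier transfer cannot be replayed, and `is_authentic` lets a later holder (the secondary-market investor of Step 8) re-verify the whole chain from the CA down without trusting the repository's word for it.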


WO 99/57847 



PCT/US99/06563 




FIG. 7 